IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

permission-find: Cache the root entry for legacy permissions

Browse Source 
This makes searching faster if there are many legacy permissions present.

The root entry (which contains all legacy permission ACIs) is only
looked up once.

Reviewed-By: Martin Kosek <mkosek@redhat.com>
This commit is contained in:
Petr Viktorin 2014-02-28 13:38:12 +01:00 committed by Martin Kosek
parent 8e98690409
commit 34c3d309d9
1 changed files with 23 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
ipalib/plugins/permission.py
View File

@ -522,13 +522,14 @@ class permission(baseldap.LDAPObject):
return acientry, acistring return acientry, acistring
def _get_aci_entry_and_string(self, permission_entry, name=None, def _get_aci_entry_and_string(self, permission_entry, name=None,
notfound_ok=False): notfound_ok=False, cached_acientry=None):
"""Get the entry and ACI corresponding to the permission entry """Get the entry and ACI corresponding to the permission entry
:param name: The name of the permission, or None for the cn :param name: The name of the permission, or None for the cn
:param notfound_ok: :param notfound_ok:
If true, (acientry, None) will be returned on missing ACI, rather If true, (acientry, None) will be returned on missing ACI, rather
than raising exception than raising exception
:param cached_acientry: See upgrade_permission()
""" """
ldap = self.api.Backend.ldap2 ldap = self.api.Backend.ldap2
if name is None: if name is None:
@ -537,10 +538,15 @@ class permission(baseldap.LDAPObject):
self.api.env.basedn) self.api.env.basedn)
wanted_aciname = 'permission:%s' % name wanted_aciname = 'permission:%s' % name
try: if (cached_acientry and
acientry = ldap.get_entry(location, ['aci']) cached_acientry.dn == location and
except errors.NotFound: 'aci' in cached_acientry):
acientry = ldap.make_entry(location) acientry = cached_acientry
else:
try:
acientry = ldap.get_entry(location, ['aci'])
except errors.NotFound:
acientry = ldap.make_entry(location)
acis = acientry.get('aci', ()) acis = acientry.get('aci', ())
for acistring in acis: for acistring in acis:
aci = ACI(acistring) aci = ACI(acistring)
@ -554,7 +560,7 @@ class permission(baseldap.LDAPObject):
'in %(dn)s ') % {'name': name, 'dn': location}) 'in %(dn)s ') % {'name': name, 'dn': location})
def upgrade_permission(self, entry, target_entry=None, def upgrade_permission(self, entry, target_entry=None,
output_only=False): output_only=False, cached_acientry=None):
"""Upgrade the given permission entry to V2, in-place """Upgrade the given permission entry to V2, in-place
The entry is only upgraded if it is a plain old-style permission, The entry is only upgraded if it is a plain old-style permission,
@ -567,11 +573,16 @@ class permission(baseldap.LDAPObject):
:param output_only: :param output_only:
If true, the flags are not updated to V2. If true, the flags are not updated to V2.
Used for the -find and -show commands. Used for the -find and -show commands.
:param cached_acientry:
Optional pre-retreived entry that contains the existing ACI.
If it is None or its DN does not match the location DN,
cached_acientry is ignored and the entry is retreived from LDAP.
""" """
if entry.get('ipapermissiontype'): if entry.get('ipapermissiontype'):
# Only convert old-style, non-SYSTEM permissions -- i.e. no flags # Only convert old-style, non-SYSTEM permissions -- i.e. no flags
return return
base, acistring = self._get_aci_entry_and_string(entry) base, acistring = self._get_aci_entry_and_string(
entry, cached_acientry=cached_acientry)
if not target_entry: if not target_entry:
target_entry = entry target_entry = entry
@ -1078,8 +1089,11 @@ class permission_find(baseldap.LDAPSearch):
base_dn=DN(self.obj.container_dn, self.api.env.basedn), base_dn=DN(self.obj.container_dn, self.api.env.basedn),
filter=ldap.combine_filters(filters, rules=ldap.MATCH_ALL), filter=ldap.combine_filters(filters, rules=ldap.MATCH_ALL),
attrs_list=attrs_list) attrs_list=attrs_list)
# Retrieve the root entry (with all legacy ACIs) at once
root_entry = ldap.get_entry(DN(api.env.basedn), ['aci'])
except errors.NotFound: except errors.NotFound:
legacy_entries = () legacy_entries = ()
cached_root_entry = None
self.log.debug('potential legacy entries: %s', len(legacy_entries)) self.log.debug('potential legacy entries: %s', len(legacy_entries))
nonlegacy_names = {e.single_value['cn'] for e in entries} nonlegacy_names = {e.single_value['cn'] for e in entries}
for entry in legacy_entries: for entry in legacy_entries:
@ -1094,7 +1108,8 @@ class permission_find(baseldap.LDAPSearch):
entries.pop() entries.pop()
truncated = True truncated = True
break break
self.obj.upgrade_permission(entry, output_only=True) self.obj.upgrade_permission(entry, output_only=True,
cached_acientry=root_entry)
cn = entry.single_value['cn'] cn = entry.single_value['cn']
if any(a.lower() in cn.lower() for a in args if a): if any(a.lower() in cn.lower() for a in args if a):
entries.append(entry) entries.append(entry)